CVE-2014-8182
First published: Fri May 09 2014(Updated: )
An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openldap Openldap | =2.4 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| debian/openldap | 2.4.57+dfsg-3+deb11u1 2.5.13+dfsg-5 2.5.18+dfsg-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=893821&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=893821&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095976#c7
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095976
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095976#c9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=733078
- http://www.openldap.org/its/index.cgi/Incoming?id=7027;page=8
- http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=7027
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff;f=libraries/libldap/dnssrv.c;h=de849e30d5b01ae855853c79e88fb06d7aea1137;hp=6d1bfa8e3c2b05ca5ed0ebebc00c3a30086bca95;hb=31995b535e10c45e698b62d39db998c51f799327;hpb=5de85b922aaa5bfa6eb53db6000adf01ebdb0736
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095976#c19
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eef1ca007f60fdcb9b5368608e87dd0b2404bceb
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1164369
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095976#c22
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=733435
- https://rhn.redhat.com/errata/RHBA-2015-1292.html
- https://rhn.redhat.com/errata/RHSA-2015-2131.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1095976
- https://access.redhat.com/security/cve/cve-2014-8182
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8182
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-8182
- https://security-tracker.debian.org/tracker/CVE-2014-8182
- https://bugzilla.redhat.com/show_bug.cgi?id=1095976#c26
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-8182
- agent/tags
- agent/trending
- vendor/openldap
- canonical/openldap openldap
- version/openldap openldap/2.4
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- package-manager/debian